diff --git a/.gitignore b/.gitignore index 4d40b52..921f415 100644 --- a/.gitignore +++ b/.gitignore @@ -384,3 +384,4 @@ fabric.properties tests/test_plugin_*.py # package/etc/conf.d/local/ !package/etc/conf.d/local +replay \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index d1e1558..2a37a59 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -30,7 +30,7 @@ services: RH_ACTIVATION: ${RH_ACTIVATION} hostname: sc4s #When this is enabled test_common will fail -# command: -det + command: -det ports: - "514:514" - "601:601" @@ -72,6 +72,19 @@ services: - SPLUNKBASE_PASSWORD=${SPLUNKBASE_PASSWORD} volumes: - splunk-etc:/opt/splunk/etc + udpreplay: + build: + context: ./utility/udpreplay + args: + RH_ORG: ${RH_ORG} + RH_ACTIVATION: ${RH_ACTIVATION} + entrypoint: tail -f /dev/null + links: + - splunk + - sc4s + volumes: + - ./replay:/work + volumes: sc4s-results: external: true diff --git a/package/etc/conf.d/conflib/_common/templates.conf b/package/etc/conf.d/conflib/_common/templates.conf index a08f36d..729e5e2 100644 --- a/package/etc/conf.d/conflib/_common/templates.conf +++ b/package/etc/conf.d/conflib/_common/templates.conf @@ -42,6 +42,9 @@ template t_hdr_msg { template("${MSGHDR}${MESSAGE}"); }; +template t_legacy_hdr_msg { + template("${LEGACY_MSGHDR}${MESSAGE}"); + }; # =============================================================================================== # Message Header, Structured Data (from RFC5424 parse) and Message; for Juniper # =============================================================================================== diff --git a/package/etc/conf.d/filters/nix/syslog.conf b/package/etc/conf.d/filters/nix/syslog.conf new file mode 100644 index 0000000..bfeeb2a --- /dev/null +++ b/package/etc/conf.d/filters/nix/syslog.conf @@ -0,0 +1,5 @@ +filter f_nix_syslog { + program("[a-zA-Z0-9\/]+") + and + match('[a-zA-Z\]]: $' value("LEGACY_MSGHDR")) +}; \ No newline at end of file 
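Review bot: The first docker-compose.yml hunk uncomments `command: -det` even though the comment directly above it says test_common will fail when this is enabled, so it looks like a debugging setting committed by accident. The tests/pytest.ini hunk in this commit, which comments out `--force-flaky --max-runs=3 --min-passes=1`, has the same character. If both are intentional, say why next to each line; otherwise restore `# command: -det` and the original `addopts` value before merging.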
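Review bot: Neither pattern in `f_nix_syslog` is anchored at the start, and syslog-ng regular-expression filters match anywhere in the value unless anchored, so `program("[a-zA-Z0-9\/]+")` is satisfied by any PROGRAM containing one letter, digit or slash. Because the new p_za_nix_syslog path applies this filter to `s_DEFAULT` with `flags(final)`, almost any tagged message on the default port would be labelled `nix:syslog` instead of reaching the fallback path. The test_common.py hunks dropping the `sc4sdefault[0]:` tag are consistent with that. If only names made of those characters should match, anchor it as `program("^[a-zA-Z0-9\/]+$")`, bearing in mind that this excludes names containing `-`, `_` or `.`. A comment stating which header shapes the `LEGACY_MSGHDR` match is meant to accept would also help.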
diff --git a/package/etc/conf.d/log_paths/p_rfc3164-checkpoint_splunk.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc3164-checkpoint_splunk.conf.tmpl index 1f5c620..316bd6d 100644 --- a/package/etc/conf.d/log_paths/p_rfc3164-checkpoint_splunk.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc3164-checkpoint_splunk.conf.tmpl @@ -78,7 +78,7 @@ log { destination(d_archive); {{- end}} - flags(flow-control); + flags(flow-control,final); }; {{- end}} {{- if or (or (getenv (print "SC4S_LISTEN_CHECKPOINT_SPLUNK_TCP_PORT")) (getenv (print "SC4S_LISTEN_CHECKPOINT_SPLUNK_UDP_PORT"))) (getenv (print "SC4S_LISTEN_CHECKPOINT_SPLUNK_TLS_PORT")) }} diff --git a/package/etc/conf.d/log_paths/p_rfc3164-cisco_asa.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc3164-cisco_asa.conf.tmpl index a07d6a1..26dfaea 100644 --- a/package/etc/conf.d/log_paths/p_rfc3164-cisco_asa.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc3164-cisco_asa.conf.tmpl @@ -41,7 +41,7 @@ log { {{- end}} - flags(flow-control); + flags(flow-control,final); }; {{- end}} diff --git a/package/etc/conf.d/log_paths/p_rfc3164-cisco_ios.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc3164-cisco_ios.conf.tmpl index 554277b..d03081a 100644 --- a/package/etc/conf.d/log_paths/p_rfc3164-cisco_ios.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc3164-cisco_ios.conf.tmpl @@ -43,7 +43,7 @@ log { destination(d_archive); {{- end}} - flags(flow-control); + flags(flow-control,final); }; {{- end}} diff --git a/package/etc/conf.d/log_paths/p_rfc3164-cisco_ise.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc3164-cisco_ise.conf.tmpl index cca9afd..bdd92d4 100644 --- a/package/etc/conf.d/log_paths/p_rfc3164-cisco_ise.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc3164-cisco_ise.conf.tmpl @@ -92,7 +92,7 @@ log { destination(d_archive); {{- end}} - flags(flow-control); + flags(flow-control,final); }; 
diff --git a/package/etc/conf.d/log_paths/p_rfc3164-cisco_nxos.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc3164-cisco_nxos.conf.tmpl index fd7a8b4..0d28a3a 100644 --- a/package/etc/conf.d/log_paths/p_rfc3164-cisco_nxos.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc3164-cisco_nxos.conf.tmpl @@ -44,7 +44,7 @@ log { {{- end}} - flags(flow-control); + flags(flow-control,final); }; {{- end}} diff --git a/package/etc/conf.d/log_paths/p_rfc3164-forcepoint_webprotect.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc3164-forcepoint_webprotect.conf.tmpl index b35e857..d86957d 100644 --- a/package/etc/conf.d/log_paths/p_rfc3164-forcepoint_webprotect.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc3164-forcepoint_webprotect.conf.tmpl @@ -41,7 +41,7 @@ log { destination(d_archive); {{- end}} - flags(flow-control); + flags(flow-control,final); }; {{- end}} diff --git a/package/etc/conf.d/log_paths/p_rfc3164-fortinet_fortios.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc3164-fortinet_fortios.conf.tmpl index 1be63f1..02be55a 100644 --- a/package/etc/conf.d/log_paths/p_rfc3164-fortinet_fortios.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc3164-fortinet_fortios.conf.tmpl @@ -60,7 +60,7 @@ log { destination(d_archive); {{- end}} - flags(flow-control); + flags(flow-control,final); }; {{- end}} diff --git a/package/etc/conf.d/log_paths/p_rfc3164-juniper_idp.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc3164-juniper_idp.conf.tmpl index 761a8c0..b9d1ca1 100644 --- a/package/etc/conf.d/log_paths/p_rfc3164-juniper_idp.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc3164-juniper_idp.conf.tmpl @@ -45,7 +45,7 @@ log { destination(d_archive); {{- end}} - flags(flow-control); + flags(flow-control,final); }; {{- end}} diff --git a/package/etc/conf.d/log_paths/p_rfc3164-juniper_junos.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc3164-juniper_junos.conf.tmpl index d461e5e..0ecaee2 100644 --- a/package/etc/conf.d/log_paths/p_rfc3164-juniper_junos.conf.tmpl 
+++ b/package/etc/conf.d/log_paths/p_rfc3164-juniper_junos.conf.tmpl @@ -58,7 +58,7 @@ log { destination(d_archive); {{- end}} - flags(flow-control); + flags(flow-control,final); }; {{- end}} diff --git a/package/etc/conf.d/log_paths/p_rfc3164-juniper_netscreen.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc3164-juniper_netscreen.conf.tmpl index b735a73..ca717e8 100644 --- a/package/etc/conf.d/log_paths/p_rfc3164-juniper_netscreen.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc3164-juniper_netscreen.conf.tmpl @@ -42,7 +42,7 @@ log { destination(d_archive); {{- end}} - flags(flow-control); + flags(flow-control,final); }; {{- end}} diff --git a/package/etc/conf.d/log_paths/p_rfc3164-juniper_nsm.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc3164-juniper_nsm.conf.tmpl index 5571ba0..94bbba5 100644 --- a/package/etc/conf.d/log_paths/p_rfc3164-juniper_nsm.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc3164-juniper_nsm.conf.tmpl @@ -43,7 +43,7 @@ log { destination(d_archive); {{- end}} - flags(flow-control); + flags(flow-control,final); }; {{- end}} diff --git a/package/etc/conf.d/log_paths/p_rfc3164-juniper_nsm_idp.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc3164-juniper_nsm_idp.conf.tmpl index bb717e0..e571083 100644 --- a/package/etc/conf.d/log_paths/p_rfc3164-juniper_nsm_idp.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc3164-juniper_nsm_idp.conf.tmpl @@ -40,7 +40,7 @@ log { destination(d_archive); {{- end}} - flags(flow-control); + flags(flow-control,final); }; {{- end}} diff --git a/package/etc/conf.d/log_paths/p_rfc3164-microfocus_arcsight.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc3164-microfocus_arcsight.conf.tmpl index db6cd6a..0114932 100644 --- a/package/etc/conf.d/log_paths/p_rfc3164-microfocus_arcsight.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc3164-microfocus_arcsight.conf.tmpl @@ -88,7 +88,7 @@ log { destination(d_archive); {{- end}} - flags(flow-control); + flags(flow-control,final); }; {{- end}} 
diff --git a/package/etc/conf.d/log_paths/p_rfc3164-paloalto_panos.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc3164-paloalto_panos.conf.tmpl index 05c45ad..6ee0ad0 100644 --- a/package/etc/conf.d/log_paths/p_rfc3164-paloalto_panos.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc3164-paloalto_panos.conf.tmpl @@ -92,7 +92,7 @@ log { destination(d_archive); {{- end}} - flags(flow-control); + flags(flow-control,final); }; {{- end}} diff --git a/package/etc/conf.d/log_paths/p_rfc3164-proofpoint_pps.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc3164-proofpoint_pps.conf.tmpl index 78f234c..4b383e8 100644 --- a/package/etc/conf.d/log_paths/p_rfc3164-proofpoint_pps.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc3164-proofpoint_pps.conf.tmpl @@ -50,7 +50,7 @@ log { destination(d_archive); {{- end}} - flags(flow-control); + flags(flow-control,final); }; {{- end}} diff --git a/package/etc/conf.d/log_paths/p_rfc3164-proofpoint_pps_filter.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc3164-proofpoint_pps_filter.conf.tmpl index 09dd410..2325290 100644 --- a/package/etc/conf.d/log_paths/p_rfc3164-proofpoint_pps_filter.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc3164-proofpoint_pps_filter.conf.tmpl @@ -39,7 +39,7 @@ log { destination(d_archive); {{- end}} - flags(flow-control); + flags(flow-control,final); }; {{- end}} diff --git a/package/etc/conf.d/log_paths/p_rfc3164-ubiquiti_unifi.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc3164-ubiquiti_unifi.conf.tmpl index 55bd6a7..7ca3176 100644 --- a/package/etc/conf.d/log_paths/p_rfc3164-ubiquiti_unifi.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc3164-ubiquiti_unifi.conf.tmpl @@ -126,7 +126,7 @@ log { destination(d_archive); {{- end}} - flags(flow-control); + flags(flow-control,final); }; {{- end}} diff --git a/package/etc/conf.d/log_paths/p_rfc3164-zscaler_nss.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc3164-zscaler_nss.conf.tmpl index 47a77c1..21ffa8b 100644 
--- a/package/etc/conf.d/log_paths/p_rfc3164-zscaler_nss.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc3164-zscaler_nss.conf.tmpl @@ -81,7 +81,7 @@ log { destination(d_archive); {{- end}} - flags(flow-control); + flags(flow-control,final); }; {{- end}} diff --git a/package/etc/conf.d/log_paths/p_rfc5424-noversion_cisco_asa.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc5424-noversion_cisco_asa.conf.tmpl index a7f069c..0e803a7 100644 --- a/package/etc/conf.d/log_paths/p_rfc5424-noversion_cisco_asa.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc5424-noversion_cisco_asa.conf.tmpl @@ -39,7 +39,7 @@ log { destination(d_archive); {{- end}} - flags(flow-control); + flags(flow-control,final); }; {{- end}} diff --git a/package/etc/conf.d/log_paths/p_rfc5424-noversion_symantec_proxy.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc5424-noversion_symantec_proxy.conf.tmpl index 855d390..2c3c547 100644 --- a/package/etc/conf.d/log_paths/p_rfc5424-noversion_symantec_proxy.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc5424-noversion_symantec_proxy.conf.tmpl @@ -42,7 +42,7 @@ log { destination(d_archive); {{- end}} - flags(flow-control); + flags(flow-control,final); }; {{- end}} diff --git a/package/etc/conf.d/log_paths/p_rfc5424-strict_juniper_junos.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc5424-strict_juniper_junos.conf.tmpl index 40bce61..766bbff 100644 --- a/package/etc/conf.d/log_paths/p_rfc5424-strict_juniper_junos.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc5424-strict_juniper_junos.conf.tmpl @@ -61,6 +61,8 @@ log { destination(d_archive); {{- end}} + + flags(flow-control,final); }; {{- end}} diff --git a/package/etc/conf.d/log_paths/p_rfc5424_epoch-cisco_meraki.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc5424_epoch-cisco_meraki.conf.tmpl index 18a37b4..949fcce 100644 --- a/package/etc/conf.d/log_paths/p_rfc5424_epoch-cisco_meraki.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc5424_epoch-cisco_meraki.conf.tmpl 
@@ -39,7 +39,7 @@ log { destination(d_archive); {{- end}} - flags(flow-control); + flags(flow-control,final); }; {{- end}} diff --git a/package/etc/conf.d/log_paths/p_za_nix_syslog.conf.tmpl b/package/etc/conf.d/log_paths/p_za_nix_syslog.conf.tmpl new file mode 100644 index 0000000..1d3aef3 --- /dev/null +++ b/package/etc/conf.d/log_paths/p_za_nix_syslog.conf.tmpl 
@@ -0,0 +1,58 @@
+# Proofpoint
+{{ $context := dict "port_id" "NIX_SYSLOG" "parser" "common" }}
+{{ tmpl.Exec "t/source_network.t" $context }}
+# The following is an inline template; we will use this to generate the actual log path
+{{ define "log_path" }}
+log {
+{{- if eq (.) "yes" }}
+ source(s_DEFAULT);
+ filter(f_nix_syslog);
+{{- end }}
+{{- if eq (.) "no" }}
+ source (s_NIX_SYSLOG);
+{{- end }}
+
+ rewrite {
+ set("zscaler_nss", value("fields.sc4s_vendor_product"));
+ subst("^[^\t]+\t", "", value("MESSAGE"), flags("global"));
+ };
+ parser {
+ #basic parsing
+ kv-parser(prefix(".kv.") pair-separator("\t") template("${MSG}"));
+ };
+
+ rewrite { r_set_splunk_dest_default(sourcetype("nix:syslog"), index("main"))};
+ parser { p_add_context_splunk(key("nix_syslog")); };
+
+ parser (compliance_meta_by_source);
+
+ #We want to unset the fields we won't need, as this is copied into the
+ #disk queue for network destinations. This can be very disk expensive
+ #if we don't
+ rewrite {
+ set("$(template ${fields.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG"));
+ unset(value("RAWMSG"));
+ unset(value("PROGRAM"));
+ unset(value("LEGACY_MSGHDR"));
+ groupunset(values(".kv.*"));
+ };
+
+{{- if ((getenv "SC4S_NIX_SYSLOG_GLOBAL" "yes") | conv.ToBool) or (conv.ToBool (getenv "SC4S_DEST_NIX_SYSLOG_HEC" "no") | conv.ToBool) }}
+ destination(d_hec);
+{{- end}}
+
+{{- if (getenv "SC4S_ARCHIVE_GLOBAL") or (getenv "SC4S_ARCHIVE_NIX_SYSLOG") }}
+ destination(d_archive);
+{{- end}}
+
+ flags(flow-control,final);
+};
+{{- end}}
+
+{{- if or (or (getenv (print "SC4S_LISTEN_NIX_SYSLOG_TCP_PORT")) (getenv (print "SC4S_LISTEN_NIX_SYSLOG_UDP_PORT"))) (getenv (print "SC4S_NIX_SYSLOG_NSS_TLS_PORT")) }}
+# Listen on the specified dedicated port(s) for NIX_SYSLOG traffic
+ {{ tmpl.Exec "log_path" "no" }}
+{{- end}}
+
+# Listen on the default port (typically 514) for NIX_SYSLOG traffic
+{{ tmpl.Exec "log_path" "yes" }}
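Review bot: Several lines in this new log path look copied from other vendor paths and not adapted: the header comment says `# Proofpoint`, and the first rewrite sets `fields.sc4s_vendor_product` to `zscaler_nss`. The `subst("^[^\t]+\t", ...)` and the tab-separated `kv-parser` also look inherited, and they would cut the start off any ordinary syslog line that happens to contain a tab. The dedicated-port guard tests `SC4S_NIX_SYSLOG_NSS_TLS_PORT`, whereas the checkpoint path visible in this commit uses the `SC4S_LISTEN_..._TLS_PORT` form, so a TLS-only listener would presumably never instantiate this path. I would change the vendor line to `set("nix_syslog", value("fields.sc4s_vendor_product"));` (value presumed from the `p_add_context_splunk` key) and rename the variable to `SC4S_LISTEN_NIX_SYSLOG_TLS_PORT`. The `subst`, `kv-parser` and matching `groupunset` should go unless these messages really are tab-delimited.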
diff --git a/package/etc/conf.d/log_paths/zfallback.conf.tmpl b/package/etc/conf.d/log_paths/p_zz_fallback.conf.tmpl similarity index 91% rename from package/etc/conf.d/log_paths/zfallback.conf.tmpl rename to package/etc/conf.d/log_paths/p_zz_fallback.conf.tmpl index 0f36b1f..15c3931 100644 --- a/package/etc/conf.d/log_paths/zfallback.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_zz_fallback.conf.tmpl @@ -16,7 +16,7 @@ log { #in fallback archive only write rawmsg as msg rewrite { - set("value(RAWMSG)" value("MSG")); + set("$RAWMSG" value("MSG")); unset(value("RAWMSG")); unset(value("PROGRAM")); unset(value("LEGACY_MSGHDR")); @@ -27,5 +27,5 @@ log { destination(d_archive); {{- end}} - flags(flow-control,fallback); + flags(flow-control,fallback,final); }; diff --git a/package/etc/syslog-ng.conf b/package/etc/syslog-ng.conf index 4f19083..84c177b 100644 --- a/package/etc/syslog-ng.conf +++ b/package/etc/syslog-ng.conf @@ -52,11 +52,14 @@ options { @include "conf.d/conflib/blocks/*/*.conf" @include "conf.d/filters/*/*.conf" -@include "conf.d/sources/*.conf" -@include "conf.d/destinations/*.conf" -@include "conf.d/log_paths/*.conf" - @include "conf.d/local/config/filters/*.conf" + +@include "conf.d/sources/*.conf" @include "conf.d/local/config/sources/*.conf" +@include "conf.d/destinations/*.conf" @include "conf.d/local/config/destinations/*.conf" + @include "conf.d/local/config/log_paths/*.conf" +@include "conf.d/log_paths/*.conf" + + diff --git a/tests/pytest.ini b/tests/pytest.ini index 00b64d9..ce9083e 100644 --- a/tests/pytest.ini +++ b/tests/pytest.ini @@ -1,5 +1,5 @@ [pytest] addopts = - --force-flaky --max-runs=3 --min-passes=1 +# --force-flaky --max-runs=3 --min-passes=1 filterwarnings = ignore::DeprecationWarning diff --git a/tests/test_common.py b/tests/test_common.py index ce279a6..9855cc9 100644 --- a/tests/test_common.py +++ b/tests/test_common.py 
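Review bot: The reordered `@include` lines in syslog-ng.conf make load order load-bearing, but nothing in the file says so. `conf.d/local/config/log_paths/*.conf` is now read before `conf.d/log_paths/*.conf`, and the packaged paths in this commit gain `flags(final)`, so the first matching path is the only one that sees a message. A broad local path marked `final` would therefore silently keep events away from the vendor-specific parsers, and the catch-all paths rely on their `p_za_`/`p_zz_` names sorting last (assuming the wildcard include is processed in name order). I would add a comment above the log_paths includes, e.g. `# Order matters: local log_paths are read first; packaged paths use flags(final); p_zz_fallback must sort last`.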
@@ -17,7 +17,7 @@ def test_defaultroute(record_property, setup_wordlist, setup_splunk): host = "{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist)) - mt = env.from_string("{{ mark }} {% now 'utc', '%b %d %H:%M:%S' %} {{ host }} sc4sdefault[0]: test\n") + mt = env.from_string("{{ mark }} {% now 'utc', '%b %d %H:%M:%S' %} {{ host }} test something else\n") message = mt.render(mark="<111>", host=host) sendsingle(message) @@ -55,7 +55,7 @@ def test_internal(record_property, setup_wordlist, setup_splunk): def test_tag(record_property, setup_wordlist, setup_splunk): host = "{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist)) - mt = env.from_string("{{ mark }} {% now 'utc', '%b %d %H:%M:%S' %} testvp-{{ host }} sc4sdefault[0]: test\n") + mt = env.from_string("{{ mark }} {% now 'utc', '%b %d %H:%M:%S' %} testvp-{{ host }} test\n") message = mt.render(mark="<111>", host=host) sendsingle(message) diff --git a/tests/test_linux_syslog.py b/tests/test_linux_syslog.py new file mode 100644 index 0000000..3731db0 --- /dev/null +++ b/tests/test_linux_syslog.py 
@@ -0,0 +1,57 @@
+# Copyright 2019 Splunk, Inc.
+#
+# Use of this source code is governed by a BSD-2-clause-style
+# license that can be found in the LICENSE-BSD2 file or at
+# https://opensource.org/licenses/BSD-2-Clause
+import datetime
+import random
+import pytz
+
+from jinja2 import Environment, environment
+
+from .sendmessage import *
+from .splunkutils import *
+import random
+
+env = Environment(extensions=['jinja2_time.TimeExtension'])
+
+#<78>Oct 25 09:10:00 /usr/sbin/cron[54928]: (root) CMD (/usr/libexec/atrun)
+def test_linux_program_as_path(record_property, setup_wordlist, setup_splunk):
+ host = "{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist))
+ pid = random.randint(1000, 32000)
+
+ mt = env.from_string("{{ mark }} {% now 'utc', '%b %d %H:%M:%S' %} /usr/sbin/cron[{{ pid }}]: (root) CMD (/usr/libexec/atrun)\n")
+ message = mt.render(mark="<111>", host=host, pid=pid)
+
+ sendsingle(message)
+
+ st = env.from_string("search index=main \"[{{ pid }}]\" sourcetype=\"nix:syslog\" | head 2")
+ search = st.render(host=host, pid=pid)
+
+ resultCount, eventCount = splunk_single(setup_splunk, search)
+
+ record_property("host", host)
+ record_property("resultCount", resultCount)
+ record_property("message", message)
+
+ assert resultCount == 1
+
+def test_linux_program_conforms(record_property, setup_wordlist, setup_splunk):
+ host = "{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist))
+ pid = random.randint(1000, 32000)
+
+ mt = env.from_string("{{ mark }} {% now 'utc', '%b %d %H:%M:%S' %} cron[{{ pid }}]: (root) CMD (/usr/libexec/atrun)\n")
+ message = mt.render(mark="<111>", host=host, pid=pid)
+
+ sendsingle(message)
+
+ st = env.from_string("search index=main \"[{{ pid }}]\" sourcetype=\"nix:syslog\" | head 2")
+ search = st.render(host=host, pid=pid)
+
+ resultCount, eventCount = splunk_single(setup_splunk, search)
+
+ record_property("host", host)
+ record_property("resultCount", resultCount)
+ record_property("message", message)
+
+ assert resultCount == 1
\ No newline at end of file
diff --git a/utility/udpreplay/Dockerfile b/utility/udpreplay/Dockerfile
new file mode 100644
index 0000000..2dbd80f
--- /dev/null
+++ b/utility/udpreplay/Dockerfile
@@ -0,0 +1,40 @@
+#To the extent possible under law, the person who associated CC0 with
+#Splunk Connect for Syslog (SC4S) has waived all copyright and related or neighboring rights
+#to Splunk Connect for Syslog (SC4S).
+#
+#You should have received a copy of the CC0 legalcode along with this
+#work. If not, see .
+FROM registry.access.redhat.com/rhel7/rhel
+
+ARG RH_ORG
+ARG RH_ACTIVATION
+
+RUN subscription-manager register --org=$RH_ORG --activationkey=$RH_ACTIVATION --force
+RUN subscription-manager repos --enable=rhel-7-server-extras-rpms --enable=rhel-7-server-optional-rpms --enable=rhel-server-rhscl-7-rpms
+
+RUN yum -y install libpcap-devel gcc-c++ git findutils autoconf \
+ autoconf-archive automake ca-certificates git libtool pkgconfig bison byacc file \
+ flex pcre-devel glib2-devel openssl-devel librdkafka-devel libcurl-devel \
+ rh-python36 rh-python36-python-tools rh-python36-scldevel\
+ net-snmp-devel \
+ libuuid-devel make libxslt docbook-style-xsl gcc-c++ tzdata libxml2 sqlite \
+ json-c-devel gnupg wget curl which bzip2 doxygen libsecret ivykis-devel -y
+
+RUN cd /tmp ;\
+ wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm ;\
+ yum install epel-release-latest-7.noarch.rpm -y ;\
+ rm epel-release-latest-7.noarch.rpm ;\
+ yum install -y cmake3 boost-devel
+
+
+
+RUN cd ~ ; git clone https://github.com/ska-sa/udpreplay.git
+RUN cd ~/udpreplay && \
+ ./bootstrap.sh && \
+ ./configure && \
+ make && \
+ make install && \
+ cd ~ ; rm -Rf udpreplay
+
+RUN subscription-manager unregister
+ENTRYPOINT ["/bin/tail", "-f", "/dev/null"]
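Review bot: Both new tests identify their event only by `"[{{ pid }}]"`, with `pid` drawn from `random.randint(1000, 32000)`, and `host` is passed to `render()` but appears in neither template, so nothing ties a search hit to this run's message. If the two tests, or an earlier run against the same index, draw the same pid, `assert resultCount == 1` fails, and this commit also comments out the flaky-retry options in tests/pytest.ini. Putting a per-run token in the message body and searching on it would make the match unambiguous. The header also imports `random` twice, and `datetime`, `pytz` and `environment` are not used in the code shown.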
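Review bot: `ARG RH_ACTIVATION` is expanded directly in `RUN subscription-manager register ... --activationkey=$RH_ACTIVATION`, and build-arg values used this way are recorded in image metadata and shown by `docker history`, so anyone who can pull the image can read the activation key. The udpreplay service added in docker-compose.yml passes the same args. With BuildKit the key can be a secret mount instead, e.g. `RUN --mount=type=secret,id=rh_activation subscription-manager register --org="$RH_ORG" --activationkey="$(cat /run/secrets/rh_activation)" --force`. The build also compiles whatever `git clone https://github.com/ska-sa/udpreplay.git` returns at build time; checking out a reviewed commit (`git -C udpreplay checkout <COMMIT_SHA>`) would pin what gets built and installed. `subscription-manager unregister` runs only if every earlier step succeeds, so a failed build presumably leaves the registration in place.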